Trusted Exchange Framework and Common Agreement Task Force Transcript June 11, 2019 Virtual Meeting
SPEAKERS Name Organization Role Arien Malec Change Healthcare Co-Chair John Kansky Indiana Health Information Exchange Co-Chair Noam Arzt HLN Consulting, LLC Public Member Centers for Disease Control and Prevention Laura Conn (CDC) Member Cynthia A. Fisher WaterRev, LLC Member Anil K. Jain IBM Watson Health Member David McCallie, Jr. Individual Public Member The University of Texas at Austin, Dell Aaron Miri Medical School and UT Health Austin Member Carolyn Petersen Individual Member Steve L. Ready Norton Healthcare Member Centers for Medicare and Medicaid Services Mark Roche (CMS) Member Mark Savage UCSF Center for Digital Health Innovation Public Member Sasha TerMaat Epic Member Grace Terrell Envision Genomics Public Member Andrew Truscott Accenture Member Sheryl Turney Anthem Blue Cross Blue Shield Member Denise Webb Individual Member Lauren Richie Office of the National Coordinator Designated Federal Officer Cassandra Hadley Office of the National Coordinator HITAC Back Up/Support Zoe Barber Office of the National Coordinator Staff Lead Kim Tavernia Office of the National Coordinator Back Up/Support Alex Kontur Office of the National Coordinator SME Morris Landau Office of the National Coordinator Back-up/Support
Trusted Exchange Framework and Common Agreement Task Force, June 11, 2019 1
Michael Berry Office of the National Coordinator SME Debbie Bucci Office of the National Coordinator SME Kathryn Marchesini Office of the National Coordinator Chief Privacy Officer
Trusted Exchange Framework and Common Agreement Task Force, June 11, 2019 2
Lauren Richie – Office of the National Coordinator for Health Information Technology – Designated Federal Officer Hello, everyone. Welcome to the TEFCA taskforce meeting today. We’ll get started with a quick roll call and then we’ll hand it over to John Kansky to get us started. I know of the members, we have John Kanksy, Carolyn Petersen, Denise Webb, David McCallie, Mark Savage, Noam Arzt, and Laura Conn. Did I miss anyone? Okay. John, I’ll turn it over to you before we get started with our draft recommendations.
John Kansky – Indiana Health Information Exchange - Co-Chair Thank you. Good morning or afternoon. I wanted to acknowledge that Arien remains engaged and energetic. He is dealing with some health issues, as I think many of you know, but I heard from him a couple times this week. We may not have the benefit of his brain today, but he remains engaged. So, I thought everyone might appreciate an update on Arien.
David McCallie, Jr. – Individual - Public Member Thanks so much. Appreciate that.
John Kansky – Indiana Health Information Exchange - Co-Chair Absolutely. I wanted to explain the approach that we are hoping to take today. We have gone straight to a draft transmittal letter. Don’t panic. We have a lot of work to do within that letter to talk about, discuss, refine, and edit. It just seemed to skip a step or two if we went through the ideas that we summarized and a first crack at recommendations right in the letter.
So, the idea of what we’re going to do today is to look at this first draft, the sections that we have initial recommendations on and then, as time permits, go through as many of those as we can to capture your feedback on, “Hey, you’re missing a recommendation,” or, “That’s not what I thought we all agreed on,” or, “Can you change that comment to a semicolon, etc., etc.” Let me ask – any objections to that approach or any questions about that approach?
David McCallie, Jr. – Individual - Public Member This is David. What’s the timetable on this draft and when does it get delivered? Just remind me of that flow.
John Kansky – Indiana Health Information Exchange - Co-Chair Yeah. So, we’re presenting – Zoe, you or Lauren may be better off commenting on that – I just know that we have to have a draft version to present at the HITAC meeting on the 11th – sorry, I got the date wrong.
Lauren Richie – Office of the National Coordinator for Health Information Technology - Designated Federal Officer The 19th.
Cynthia A. Fisher – WaterRev, LLC - Member
Trusted Exchange Framework and Common Agreement Task Force, June 11, 2019 3
19/19.
John Kansky – Indiana Health Information Exchange - Co-Chair June 19th, thank you. Then final recommendations by July 11th.
David McCallie, Jr. – Individual - Public Member So, what we’d be working on here would be an initial round that could be presented on the 19th. So, we might want to touch lightly on all the areas or do we want to go deep on some of them and say we’ll get to do the rest of them later. Is it a depth-first or breadth-first search here?
John Kansky – Indiana Health Information Exchange - Co-Chair Yeah. I didn’t have a well-defined plan other than to say I thought we would review the areas in which we have recommendations quickly in the first, I don’t know, five minutes or so and then circle back and actually start with Section 2.2 of the letter, skipping over 2.1 on the basis that it’s the most high-level and philosophical and important. 2.2 to the bottom is a little bit more concrete and needs more specific input.
So, my idea, David, was, after overviewing the sections, start with 2.2 and see how far we could get and then pick up where we left off tomorrow. I hadn’t really contemplated trying to be high-level versus low-level. So, I guess, level.
David McCallie, Jr. – Individual - Public Member Okay. That’s fine. We can obviously spend a whole day on a single one of these. So, you’ll have to work hard to keep us moving.
John Kansky – Indiana Health Information Exchange - Co-Chair I’ll do my best. Good point.
Mark Savage – UCSF Center for Digital Health Innovation- Public Member This is Mark. My only thought to David’s question is if we go light and once we go deep changing things, it can be a little confusing for HITAC. So, it may be – leave it to you and Arien to decide the level of depth at any particular point in time, but just to guard against going so light that we might have changed something down the road.
John Kansky – Indiana Health Information Exchange - Co-Chair Well, I would say that we’re going to know more in about 20 minutes of how we might go. So, let’s dive in and see. We might surprise ourselves. Okay. With that, do we have – I’ve got to get my screen straight here. Are we projecting the letter now? Yes, we are. Okay. So, go back up to 2.1 for a second, if you would. So, I’m just going to walk – I believe all of you have a copy of the letter in your email, if you haven’t figure that out by now, but it’s also projected on the screen.
The first section was, if you remember, in our first call, we started with a general
Trusted Exchange Framework and Common Agreement Task Force, June 11, 2019 4 conversation about the value and purpose of TEFCA and its coordination with or its need to work in conjunction with info blocking. That’s the section I’m suggesting we skip for the moment and circle back to.
The second section, 2.2, is on applicable law and some of our discussions that we’d had about how some of the boundary conditions that were discussed in the context of HIPAA and other applicable law. We have a couple of recommendations, some of which, I guarantee are going to create some discussion.
Section 3 was related to the definition structure and application process for QHINs. We touched on that on an earlier call. My recollection of the conversation was largely not controversial. So, as of right now, we don’t have any specific comments to go in there, but absolutely wanted to touch on that in case there was something that we missed or that the taskforce wanted to consider for inclusion.
Section 4 is QTF, including the modalities and exchange purposes and we have a couple of recommendations that we have captured initially from those conversations. Section 4.1 was individual access services specifically. Section 4.2 was public health. We do not have any specific recommendations in there, but there was significant conversation about public health and public health was used as an example a couple of times. So, we kind of have a blank spot plugged in there and wanted to prompt the taskforce for any further discussion on public health and the need for recommendations.
Section 5 is privacy, including 5.1, the meaningful choice discussion, including a couple of recommendations there. 5.2 – this is starting to sound more familiar because we’ve slept fewer times since we’ve talked about these things – summary of disclosures and auditable events.
And then Section 6 is all of the security topics. That takes us to the end of the letter, but that includes 6.1, use of data outside the US, 6.2, which is controlled unclassified information, 6.3, security tagging, 6.2 again, certificate authority backup and recovery, and 6.4 – so, we’re going to have to have creative use of cardinal numbers there – identity proofing and authorization.
Okay. So, that’s your flyover of the letter. Any comments before we circle back to – I was going to suggest applicable law, 2.2, and dive in?
David McCallie, Jr. – Individual - Public Member I think we should start with 2.1.
John Kansky – Indiana Health Information Exchange - Co-Chair Okay. We certainly can.
David McCallie, Jr. – Individual - Public Member I have a couple of comments on that one. I think that’s maybe the most important space, in a
Trusted Exchange Framework and Common Agreement Task Force, June 11, 2019 5 way.
John Kansky – Indiana Health Information Exchange - Co-Chair Okay. I don’t disagree. That was one of those that I agreed with your comment that we could spend an hour. So, let’s try 2.1. Let’s not spend an hour, but I agree that it’s important. Okay. So, this was based on – there’s a little bit of background there in prose – but Recommendation No. 1 was based on our observation that TEFCA should express the policy aims of enabling better treatment, quality of care, and a more efficient healthcare system.
My observation – I’ll see the clouds – it seems like we need a couple more sentences if we expect ONC to be able to make anything useful of that. David McCallie has his hand raised.
David McCallie, Jr. – Individual - Public Member So, I agree with Recommendation 1, of course, motherhood and apple pie. My thoughts are to enumerate a little bit more – my concerns are to enumerate some other choices around this notion of how you incentivize adaptation of the TEF. So, we raised a broad question of why would existing exchanges, which are functioning reasonably well today, find any reason to join TEF? What’s the motivation, either the business motivation or the regulatory motivation or whatever?
So, we’ve got one choice there, which is that participation in the TEF may or may not influence whether you are an information blocker – I think maybe we can craft that language a little bit, but I agree that’s one of the concerns or one of the choices that ONC has to work through, ONC and CMS.
But I think there are some other ones that could be considered in our recommendations, one of which would be conditions of participation. It could easily be structured so that in order to participate in Medicare, a provider has to be a member of a TEF. That’s one choice, whether we can weigh in or not on that one.
Then the third one would be federal partners such as the VA could require participation in the TEF if you want to participate in Veteran’s Choice or whatever the new one that just got passed, VA Mission or whatever it is, that allows providers to see VA patients. So, there’s more to this than just information blocking for Recommendation 2B or 2C or something like that. Does that make sense?
John Kansky – Indiana Health Information Exchange - Co-Chair I understand. You’ll see in Recommendation 4 under 2.2, we get into information blocking a little bit, but your point was well-made. I heard a couple of different things. I heard we should have a recommendation that ONC should consider how adoption of TEF is going to be incented or consider what the incentives are and act accordingly. That’s sort of a general version of what you said. Is that fair?
David McCallie, Jr. – Individual - Public Member Yeah.
Trusted Exchange Framework and Common Agreement Task Force, June 11, 2019 6
John Kansky – Indiana Health Information Exchange - Co-Chair And then of course, the specific version would be, “And we suggest the following incentives…” Do we need to go that far is question number one for me.
David McCallie, Jr. – Individual - Public Member Well, none of the things that I listed are secrets, but I think they are – if the taskforce felt strongly about some of them, whether they are good ideas or not, we should probably weigh in on it. My guess is we probably don’t have a uniform perspective.
So, one could at least call that out and say considerations such as making TEF a condition of participation in federally funded healthcare, which would be CMS’s decision, not ONC, obviously, and federal partners’ decision to make TEF a requirement for participation in providing care paid for by the federal partners. Again, not an ONC decision, but something we could call out as a potential incentivize.
Again, maybe we don’t want to go into that political space, but that’s kind of what will make or break whether TEFCA works. It’s not going to come down to QTF decisions and MRTC. It’s going to come down to whether there’s an incentive.
John Kansky – Indiana Health Information Exchange - Co-Chair Right, and how much of an incentive you need given how – how can I say this? The less you like the sound of jumping in the pool, the larger the incentive you need to jump in. It’s a balance between what is the regulation – I’m sorry. It’s not a regulation. What does the TEFCA ecosystem entail? What does participation entail? And what incentive lovers the agencies want to use.
Let me also probe a little bit – are we worried about enough QHINs coming forward to be QHINs or are we worried about participants and participant numbers signing up and participating and are those two different questions?
David McCallie, Jr. – Individual - Public Member This is David again. There are entities out there performing the role of QHINs and entities performing the role of the RCE today. That’s goodness. The question is whether those entities will kind of step forward into the TEF era or whether they’ll say, “We’re doing okay without that. We’ll just continue what they’re doing.” That’s the concern. Between CommonWell and Carequality, just to name two, there’s a very high penetrance and growing all the time into providers.
There are plenty of participants. In the state HIEs – obviously some more successful than others, but some of them highly penetrant into their regions – many discussions underway to connect those together via Carequality and/or CommonWell. So, it’s all happening anyway. We’ll make it happen faster and better and if so, why, is, I guess, the question I would have. I don’t think there’s a question people are going to do it. They’re doing it already. Will they do it better with TEF? Go ahead. Sorry.
Trusted Exchange Framework and Common Agreement Task Force, June 11, 2019 7
Sasha TerMaat – Epic - Member I do think we should talk about each of the specific levels of participation, though. Statutorily, the participation of a network is voluntary. That might certainly change how – I think it’s fairly clear, at least someone who’s more of a lawyer could weigh in – but it seems clear that networks are not obligated to participate, not supposed to interrupt their other work and so forth.
So, as we’re thinking about who needs to join, if the network can’t be obligated to join because of the way the statue is constructed, then the levers that David is mentioning, like conditions of participation for Medicare, would be aimed more at entities like the providers who would sign up with a particular network.
I worry that some of those levers will encounter the same types of burden/frustration that meaningful use has encountered historically, where providers feel like they’re being measured and evaluated outside of their direct control because if the network or networks that they’ve already been participating in for some time elect to not be a QHIN, potentially because of the expense or the chicken and egg problem of it being of limited value until others have also joined, then the providers will be in a spot where they have a potentially minimal ability to influence the entity that actually controls their ability to comply.
So, I would be very cautious about making a recommendation about these areas. I think that the recommendation to that we had drafted previously I think reflected the sentiment of the taskforce’s earlier conversation. Adding additional recommendations, I think, we had to think through cautiously. I’m hesitant.
David McCallie, Jr. – Individual - Public Member Well, it’s pretty watered down. I think it will be forced from bottom-up. That’s the whole point. QHINs will meet the need, I guarantee you, whether it’s the current QHINs or not. If the participants say, “We need this service,” someone will deliver it.
John Kansky – Indiana Health Information Exchange - Co-Chair Well, Mark has his hand raised. Let me get to him in a second. I wanted to take Chair’s prerogative and interject that David, it’s interesting that you say there are organizations already doing this and then suggest that it will be easy for organizations to keep doing it and join into this ecosystem. I’m concerned that the ecosystem has to be defined through TEFCA in a way such that those organizations can keep doing it and continue. Mark, you’re up.
Mark Savage – UCSF Center for Digital Health Innovation- Public Member Thank you. Two points, one on this particular thing and one to you to decide where it fits into the agenda – on this, just to note that the Cures Act says that yes, it’s voluntary, but federal agencies can require it by contract and agreement. That is a possibility. We can make a recommendation on that.
I personally think that’s a good thing to lift up that ONC should be considering that, making
Trusted Exchange Framework and Common Agreement Task Force, June 11, 2019 8 recommendations about that. It has the advantage, perhaps, of being less specific about what the incentive is. It sort of leaves it to each federal agency to figure out what’s the best approach to it for its respective work, but to do it by contract.
The other thing I wanted to raise – it seems to fit within this overall section. It’s not just an information blocking thing, but also, to align with the ONC NPRM around API access, which is something I raised on the last call. I’m happy to talk to that at the appropriate time. I don’t want to take us off the current subject.
John Kansky – Indiana Health Information Exchange - Co-Chair Are we capturing that? Yes, thank you. So, what I’m taking away – there area lot of good notes – either in addition to or as part of Recommendation 1, we need to speak to ONC’s awareness of incentives to participate in TEFCA and possibly suggest or at least give examples of incentives that could be employed. Is that a fair summary?
David McCallie, Jr. – Individual - Public Member I’m okay with that.
Mark Savage – UCSF Center for Digital Health Innovation- Public Member Incentives or requirements?
John Kansky – Indiana Health Information Exchange - Co-Chair It’s by definition a voluntary framework, right?
David McCallie, Jr. – Individual - Public Member Right.
Mark Savage – UCSF Center for Digital Health Innovation- Public Member The framework, but as I mentioned, the Cures Act, it’s Section 4003 – it does have language, “As appropriate federal agencies contracting or entering into agreements with Health Information Exchange Networks may require that as each such network upgrades health information technology and operational practices, such network may adopt, where available, the Trusted Exchange Framework and Common Agreement published under blah, blah blah…”
John Kansky – Indiana Health Information Exchange - Co-Chair Got it.
Mark Savage – UCSF Center for Digital Health Innovation- Public Member That’s a way to make it required in particular situations.
John Kansky – Indiana Health Information Exchange - Co-Chair Got it. Go ahead.
Trusted Exchange Framework and Common Agreement Task Force, June 11, 2019 9
David McCallie, Jr. – Individual - Public Member No, I’ve said enough. Go forward.
John Kansky – Indiana Health Information Exchange - Co-Chair We’ve got so many recommendations to choose from. Recommendation No. 2 was aimed at the undeniable relationship between information blocking and TEFCA and offering the following that – well, TEFCA rules and requirements should demonstrate alignment with the information blocking rule. For example, key definitions such as actors and electronic health information should be the same across both roles.
Therefore, the definition should be crafted in such a manner as to be rational and effective when applied in both information blocking and TEFCA context. Is that specific enough to be helpful? Do people generally agree with that? Do I need to expound on what we are trying to communicate?
Mark Savage – UCSF Center for Digital Health Innovation- Public Member This is Mark with a question. Actually, I’ll just raise my hand. You call when it’s appropriate.
John Kansky – Indiana Health Information Exchange - Co-Chair No, you’re good. You’re at the top of the queue.
Mark Savage – UCSF Center for Digital Health Innovation- Public Member I did not have a chance to do the checking before this call, but I seem to recall that on individual access services, there is a place where this might apply to non-HIPAA-covered entities. I didn’t go back to verify that that’s the case. If that’s the case, I would just want to make sure that we’re not making a broad statement here that somehow was in conflict with some things in other places. I don’t have more to say because I didn’t get a chance to look at it before the call.
John Kansky – Indiana Health Information Exchange - Co-Chair I think we need to deal with non-HIPAA-covered entities. I think there’s some language dealing with that specifically. I’m not seeing how – I’m trying to connect how expressing that certain definitions that we expect to – my understanding is that ONC – perhaps they can correct me if this is not true – that the expectation is that the definition of, for example, an HIN and the definition of EHI would be the same when applied in enforcing information blocking or implementing TEFCA. ONC, is that a fair point?
Zoe Barber – Office of the National Coordinator for Health Information Technology - Staff Lead I would say that’s the intention for this draft, but I can’t necessarily speak to what we do in future drafts.
John Kansky – Indiana Health Information Exchange - Co-Chair Okay. That doesn’t necessarily contradict our point, which is that we’re suggesting that sure
Trusted Exchange Framework and Common Agreement Task Force, June 11, 2019 10 would be helpful if there were and if so, you can’t define actors or EHI looking through one lens or the other. You have to look at it through both. This is a Kanksy-endorsed bullet, in that flashing back to the Information Blocking Taskforce and working a lot on the definitions of actors and EHI, looking through that lens specifically, it’s going to be important in the implementation of both to have some consistency, was my opinion.
Mark Savage – UCSF Center for Digital Health Innovation- Public Member This is Mark again. I’m reading the recommendations and I think my point is not actually relevant here. So, apologies.
John Kansky – Indiana Health Information Exchange - Co-Chair I think it quickly becomes relevant.
Mark Savage – UCSF Center for Digital Health Innovation- Public Member But not here. Thank you.
John Kansky – Indiana Health Information Exchange - Co-Chair Got it. The second bullet was this, again, may sound familiar from information blocking because we’re now addressing it from the other side – participation in the TEFCA should not be a requirement of the information blocking regulation, but any enforcement action should give deference to TEFCA participation as a demonstrable and constructive intent against any claim that a provider or health information network knew – it’s words to say – this is around it shouldn’t be a requirement, nor should it be a safe harbor.
But if an organization is participating in TEFCA, it should be a good argument that they’re trying not to information block. That’s Kanksy words to say what this bullet is trying to get at. Any comments?
David McCallie, Jr. – Individual - Public Member This is David. Why are we wishy-washy about the safe harbor concept? I’m just trying to remember the discussion.
John Kansky – Indiana Health Information Exchange - Co-Chair I’m trying to bring back what the discussion was, but some of my own opinion may filter in, which is that the purpose of the information blocking regulation is to make sure nobody information blocks. The purpose of TEFCA is to create a national framework that bridges networks. Those goals are not the same.
So, while participating in TEFCA will help you share information, it doesn’t serve to guarantee that you won’t run afoul of information blocking. Therefore, just checking the box of being in TEFCA and being a citizen in good standing under TEFCA, that doesn’t guarantee that you won’t information block. Cynthia has her hand raised, followed by Mark. So, Cynthia, you’re up.
Trusted Exchange Framework and Common Agreement Task Force, June 11, 2019 11
Cynthia A. Fisher – WaterRev, LLC - Member Thank you very much. Yes, this is Cynthia Fisher. Just on the information blocking and the Recommendation No. 2 – a concern is sort of this nuance because if an entity is actually making it difficult for an innovation tech company to be able to get access on behalf of a patient for their data – I’ll give an example that we’ve been learning about, asking for 20 percent equity in their business or 20 percent of the revenues or 20 percent of any revenues of entities that they do business with, even if it’s like an Uber or a Lyft. So, those types of asks are so unreasonable that one could consider it information blocking.
So, even if they participate in TEFCA, yet the behavior is to make it so difficult that the opened standardized APIs can’t really be utilized by entities that could provide efficient cost- effective timely and cost-producing mobile apps, that’s a problem.
So, I guess that’s my concern in no safe harbor and even this type of nuanced, “Well, if you’re doing TEFCA, you’re a good player and you get a gold star and you’re not information blocking.” I think that kind of deductive reasoning doesn’t play out when behaviorally, one could be information blocking in different ways. That makes it very difficult for broad ability for technology to innovate and have access.
John Kansky – Indiana Health Information Exchange - Co-Chair I’m trying to restate to make sure I understand your position. You’re saying yeah, just because you’re in TEFCA doesn’t mean you’re not information blocking.
Cynthia A. Fisher – WaterRev, LLC - Member Exactly. I think to give some type of protection or safe harbor or safe lane or whatever you want to call it, I think even this recommendation puts this umbrella of you’re in TEFCA, you’re a good [inaudible] [00:31:37], but in fact, there may be other plays that are nuanced that might not be direct information blocking but indirect information blocking that doesn’t get picked up otherwise.
John Kansky – Indiana Health Information Exchange - Co-Chair Acknowledging that I’m injecting my opinion as a taskforce member at this point, which is that I’m trying to channel the concept of negligence in legal terms. If the bar of proving that you did something wrong is negligence, what can you point to that shows that you are at least trying, even if you end up being found guilty, TEFCA would be like, “Hey, this organization wasn’t completely not trying to share data. They ran afoul of information blocking in this specific way, but hey, at least they were in TEFCA.” It’s a mitigator. It’s not a safe harbor. I’m hearing that you’re somewhat uncomfortable with that characterization.
Cynthia A. Fisher – WaterRev, LLC - Member Well, I just was throwing it out as a potential slippery slope. I just think information blocking is there because this is what is happening across the industry. This was a piece about changing the game so people have readily available access. I just think any way that we have accountability that allows data to flow is a good thing. I just want to make sure the committee is sensitive to not going down a slippery slope of embracing that this is a cover for
Trusted Exchange Framework and Common Agreement Task Force, June 11, 2019 12 other practices that can be…
John Kansky – Indiana Health Information Exchange - Co-Chair I think this gets a little bit to David’s earlier assertion of there may need to be some things that make TEFCA appeal to potential participants. Mark Savage and then David.
Mark Savage – UCSF Center for Digital Health Innovation- Public Member So, I would fall more on the side of just saying participation into TEFCA is a fact, not even saying give deference. I think in the real world, people will point to that and say, “I didn’t mean to. I was trying to do the right thing.” Somebody will decide, “I don’t think we should put our thumbs on the scales with the definitions Congress and ONC are already working on.”
I’d be comfortable here with saying it’s a relevant fact, not saying deference, not saying mitigation, none of those things. Either you are engaged in information blocking according to the definitions or you’re not.
John Kansky – Indiana Health Information Exchange - Co-Chair So, we shouldn’t try to create any relationship between participation in TEFCA and information blocking?
Mark Savage – UCSF Center for Digital Health Innovation- Public Member We shouldn’t try to suggest that participation in TEFCA proves that something that might otherwise have happened didn’t actually happen, that information blocking that happened shouldn’t be called information blocking anymore because you’re participating in TEFCA.
Cynthia A. Fisher – WaterRev, LLC - Member I agree.
John Kansky – Indiana Health Information Exchange - Co-Chair Okay. I’m fine with trying to – it may simplify this second bullet down to participation in TEFCA should not be a requirement in information blocking nor should participation in TEFCA be a safe harbor for information blocking. David has his hand up.
David McCallie, Jr. – Individual - Public Member Thanks. I think this discussion has reminded me of the broader argument. That’s really helpful. I appreciate the comments. It’s clear that the information blocking rule is much broader than what is covered by TEFCA. I didn’t have the notion in mind that TEFCA was a free pass because information blocking covers much more than that.
But if participation in TEFCA has no bearing on whether one is considered an information blocker, then that’s one more incentive removed from any reasonable expectation that large numbers of providers are going to join and participate in TEFCA. It’s a double-edged sword.
If you take away the incentive, many people may say, “Hey, all we have to do is open up a
Trusted Exchange Framework and Common Agreement Task Force, June 11, 2019 13 bunch of APIs. We can forget about these expensive networks. We’ll just publish our API and then we’re done. We’re not an information blocker because we’ve got all these APIs out there.” There’s nobody to coordinate access to them or manage NPIs and record locators. So what? You could have an unintended consequence that information blocking just turns everybody into isolated APIs. So, there’s a balance here. I don't know how to word it. It’s a tough…
John Kansky – Indiana Health Information Exchange - Co-Chair I think I’m where you’re at. I think there’s one more sentence. I just can’t come up with the sentence. Maybe we don’t get there. I’m going to make one last run at the Kansky perspective on this and see if I elicit any comments. If not, we’ll move on. The idea of this, “Hey, at least you’re trying,” concept – clearly, we don’t want information blocking and we want those who are information blocking actively or passively to be appropriately accountable.
However, as we go forth under the information blocking regulation once it exists and deliver healthcare and organizations are trying to figure out how to comply, there’s going to be 99 or 999 organizations who are complying or trying to comply with the regulation for every one who is clearly going to be subject to enforcement action.
So, trying to encourage participation in TEFCA and suggest that anybody who is participating in TEFCA is clearly in the spirit of TEFCA trying to share information. That’s all. I don’t feel that strongly about it. You guys are my best customers – and then Cynthia. Okay. David, you’re first.
David McCallie, Jr. – Individual - Public Member I didn’t have a new comment. I think I was residual hand raise from before.
John Kansky – Indiana Health Information Exchange - Co-Chair Okay. You get one back for free. Mark, you’re up.
Mark Savage – UCSF Center for Digital Health Innovation- Public Member For actual language, to try to have something, what I think you could say is that participation in TEFCA is a fact to consider in any claim that a provider or health information network, blah, blah, blah. I’m actually a little further – I’m seeing the editing going on here – I’m a little further at the deference.
John Kansky – Indiana Health Information Exchange - Co-Chair I appreciate that.
Mark Savage – UCSF Center for Digital Health Innovation- Public Member Okay. That doesn’t give it any sort of legal characterization, but it is a fact to consider instead of being silent about it.
Trusted Exchange Framework and Common Agreement Task Force, June 11, 2019 14
John Kansky – Indiana Health Information Exchange - Co-Chair Fair point. Cynthia?
Cynthia A. Fisher – WaterRev, LLC - Member Yes, thank you. I just believe that we discussed earlier – I think it’s a separate point and I would basically lean on just not including it as having deference to not information blocking. I think they’re two separate and distinct things and the information blocking behavior can be done in various types of ways as we’ve witnessed in the consumer marketplace.
John Kansky – Indiana Health Information Exchange - Co-Chair I think we’re going to end up deleting…
Cynthia A. Fisher – WaterRev, LLC - Member I would lean against it. I would even say that I do think we need to even, as a whole, be reflective of even – sort of the protectionism that TEFCA even built, in some sense, if we look at other industries like banking or retail IRI data or you look at other industries, we don’t have necessarily an overruling single entity in sort of the structure and the multiple layers that are built in this process.
So, I kind of look at TEFCA, have several additional layers that, if you look at examples of other industries, there can be straight up simpler distributed approach. So, I just would hate to see this utilized as giving deference for the technology that exists today versus an openness or perhaps even a better way for the future as we roll out. Anyway, I’m just throwing that out there, but that’s where I would lean.
John Kansky – Indiana Health Information Exchange - Co-Chair Okay. So, we’re going to say that it is not a safe harbor. We’ll take a look at the latter half of that sentence and it may not survive. Denise, you have your hand raised.
Denise Webb – Individual - Member Hi, thank you. So, as am I’m listening to both sides of this discussion, I can see validity on both sides. I don’t think participation in TEFCA should be a requirement and it shouldn’t be a safe harbor. But I really am concerned, as you are, about incentives for entities participating in TEFCA. I agree that it’s a balancing act and we’ve got to consider both sides and come to some place in the middle. The direction you’re going will probably take care of that.
John Kansky – Indiana Health Information Exchange - Co-Chair Thank you. I’m ready to move on to 2.2 if there is no objection. Okay. As part of our discussion in the taskforce, applicable law as it relates to TEFCA and those of you who presented boundary conditions may have to – there was some great discussion in this regard – you may need to bring up your examples again to help us.
Recommendation No. 3 – covered entities and business associates that already meet the appropriate obligations should not need to address additional contracting terms unless there are specific additional terms above and beyond HIPAA. ONC should clearly state new
Trusted Exchange Framework and Common Agreement Task Force, June 11, 2019 15 obligation requirements that may require updates to existing agreements as well as meeting existing obligations for covered entities and business associates would also meet TEFCA requirements.
ONC should develop a mapping process to help map existing contractual terms and conditions to TEFCA terms and conditions. It’s a lot of words. I think what the intent of what we’re trying to get at there is that if TEFCA can be constructed in a way that covered entities and business associates who are complying with HIPAA address the obligations that are needed for a TEFCA, then let that be good enough.
If TEFCA requires additional obligations that go beyond HIPAA, ONC should call those out more clearly. I guess it’s a way of saying it’s not clear to us whether the requirements in TEFCA go beyond HIPAA or not and if they don’t, then covered entities and business associates should be good. If they do, then please spell them out more clearly. Did anyone else – let me just shut up and listen. Noam has his hand raised. Thank you, Noam.
Noam Arzt – HLN Consulting, LLC - Public Member I would just say that if what you meant was the last thing you just said that was a much more concise way than the somewhat convoluted paragraph that’s being highlighted.
David McCallie, Jr. – Individual - Public Member Agreed.
John Kansky – Indiana Health Information Exchange - Co-Chair Okay. So, the intent of what I said is a good recommendation. The words we have right now, not so much.
Noam Arzt – HLN Consulting, LLC - Public Member That’s not exactly what I said either. I said if you’re intent is what you said, the way you said it the second time is better than the way it’s written. I have to think about whether I actually believe that that’s what we want to say it.
John Kansky – Indiana Health Information Exchange - Co-Chair Got it.
Noam Arzt – HLN Consulting, LLC - Public Member We have to think about that.
John Kansky – Indiana Health Information Exchange - Co-Chair Absolutely. So, thank you, Noam. Great point. I didn’t mean to imply otherwise. David, your hand is raised.
David McCallie, Jr. – Individual - Public Member Yeah. I’m not sure how to express my thought. I think I’m trying to, in my head, to think
Trusted Exchange Framework and Common Agreement Task Force, June 11, 2019 16 through how to re-say what you said, but the way I would say it is there are many places in agreement where the language is, “…unless otherwise prohibited by existing law…” So, what we’re really asking for here is clarification of where the contractual relationships created by participation in TEF go above and beyond existing requirements of HIPAA.
John Kansky – Indiana Health Information Exchange - Co-Chair If we say nothing else, we’re asking ONC, “Hey, could you clarify whether anything in TEFCA goes beyond HIPAA because that’s not clear?”
David McCallie, Jr. – Individual - Public Member Yeah. Or clarify where the minimum terms, whatever the minimum contracting terms go beyond, require you to elevate above HIPAA and/or FTC. It’s contract at that point. It’s a contract that’s agreed to by your participation, essentially. They didn’t change HIPAA. They didn’t change FTC laws.
John Kansky – Indiana Health Information Exchange - Co-Chair In noting that Noam has his hand raised, let me sneak in one quick comment, which is as I think about this, really, what this is about is whether – if I have a participation agreement that I know touches all the necessary bases for HIPAA privacy and security and TEFCA can come out and say, “Okay, any covered entity that’s compliant with HIPAA privacy and security is good on all these points,” then I don’t need to write anything new into those participation agreements and that’s super helpful. That’s part of the practical aspect of this recommendation. Noam, you’re up.
Noam Arzt – HLN Consulting, LLC - Public Member I’m confused a bit. Don’t we already know that TEFCA, as proposed, is pushing us beyond HIPAA? Just the fact that it wants to make non-covered entities subject to HIPAA privacy and security is already pushing beyond HIPAA, just by the fact that meaningful choice feels a little different than the current consumer access requirement in HIPAA is already pushing beyond it.
A third point, I guess, is hasn’t the past whatever number of years in trying to craft participant agreements told us that unless everyone literally signs the same participant agreement, you can’t just wave your hands and say, “Well, mine sort of reads like yours. So, I guess they’re the same. So, I guess all the terms and conditions are the same.” That seems to be what you’re saying. That’s not what our experience has shown us, right? Especially when the lawyers get involved.
David McCallie, Jr. – Individual - Public Member I think that’s in Recommendation 4. I think Noam’s concerns are really valid there.
John Kansky – Indiana Health Information Exchange - Co-Chair Yeah. Let’s dive into – first of all, noting Noam’s point is well-made – Recommendation 3 is focused specifically at covered entities and business associates. So, noting that organizations that aren’t one of those, this recommendation wouldn’t apply to. I know that wasn’t your
Trusted Exchange Framework and Common Agreement Task Force, June 11, 2019 17 whole point.
Zoe Barber – Office of the National Coordinator for Health Information Technology - Staff Lead John, just to piggyback on what Noam was saying, we do sort of already know that TEFCA goes above and beyond HIPAA even for covered entities and business associates just because we require all of the exchange purposes and we require response to all of the exchange purposes, whereas HIPAA is only permissive right now with regard to those treatment, payment, and operations.
John Kansky – Indiana Health Information Exchange - Co-Chair Okay. Go ahead.
David McCallie, Jr. – Individual - Public Member It’s a contract that a participant chooses to bind itself by. I think what we’re calling for in Recommendation 3 is to clarify that that’s what’s happening. Here’s where you are contractually going beyond what you were obligated to do under HIPAA. But it’s contractual, at that point. You signed a common agreement and therefore, you will agree to do these additional things.
John Kansky – Indiana Health Information Exchange - Co-Chair Does it help if we narrowed the recommendation to HIPAA privacy and security? Meaning a big part of Zoe is pointing out is that it’s not just treatment, payment, and operations, but as we do this stuff, there are privacy and security requirements – it may still not work because the reality may be, “Oh, yeah. We’re going beyond HIPAA.”
Maybe it’s two recommendations. No. 1 – the extent to which you can define TEFCA as not requiring things beyond what HIPAA requires is going to be super helpful for industry adoption. And two, in those areas where you’re going specifically beyond HIPAA, maybe clarifying that in some form that will help organizations understand and comply.
David McCallie, Jr. – Individual - Public Member Right. I think the spirit of Recommendation 3 is to clarify where the MRTCs would elevate your requirements beyond what you may already be matching because you’re a covered entity or you have a BAA with a covered entity. So, clarify, make it real clear where the MRTCs go beyond HIPAA.
John Kansky – Indiana Health Information Exchange - Co-Chair Correct. That was helpful. Thank you.
David McCallie, Jr. – Individual - Public Member Just so it’s easy for people to understand, “I’m agreeing to hold myself to a higher standard now or higher set of requirements because the MRTCs are more precise and more prescriptive than HIPAA is.” Zoe’s example was a great one.
Trusted Exchange Framework and Common Agreement Task Force, June 11, 2019 18
John Kansky – Indiana Health Information Exchange - Co-Chair I think we’ve captured that. Let’s move on to Recommendation 4 while we’re in this brain space. I have a feeling there are going to be some opinions solicited here. Before I read it, the idea here is that a significant – we have 21st Century Cures saying don’t disrupt current networks – that’s point No. 1 – point No. 2 is we know that a big challenge for current networks is participation agreements that will have to be rewritten and the extent to which they will have to be amended is an obstacle to TEFCA participation. Does anybody disagree with either of those points so far?
Denise Webb – Individual - Member No, that’s good.
John Kansky – Indiana Health Information Exchange - Co-Chair So, the idea of Recommendation 4 is to try to come up with tactics to minimize that challenge on both sides of the equation. ONC wants networks to not be disrupted and wants them to participate in TEFCA and the networks want to not have their participation agreements amended any more than necessary. Therefore, Recommendation 4 – there’s an understanding that existing HINs and HIEs will need to amend the terms and conditions of the participation agreements to sign the CA and participate in the QHIN Exchange Network.
Those amended terms will flow down and impact participant and participant member agreements as well. In order to minimize the disruption to existing networks, we recommend that ONC employ regulatory tactics aimed at accepting terms and conditions in existing agreements whenever possible. I suspect we’re probably reasonably okay up to that point.
Now, here we go. Tactics could include a grandfather clause whereby existing networks already under operation would not need to revise their terms and conditions to avoid disruption to core operations. I guess I struggled with the fact that I know that tactic, there would be things that – for example, exchange purposes, if they’re not in the current agreement, you’re going to have to amend it.
Point No. 2 – empower the RCE to evaluate and approve a QHIN candidate existing participation agreement with or without modification – so, in other words, the RCE would have the authority to look at a QHIN existing network and say, “Hey, you know what? Your participation agreement is close enough on these nine points that you only need to amend it on 10, 11, and 12.”
The second half of that sentence is, “In turn, empower QHINs with authority to evaluate and approve existing participant agreements with support from the RCE and a process to appeal to the RCE.” The idea there was the QHINs would be able to similarly evaluate participant agreements and approve them kind of with line item veto, if you will.
The RCE would be able to help them interpret with questions about, “Hey, do you think this is good enough or not?” And any participant that was like, “Hey, they didn’t accept my blah,
Trusted Exchange Framework and Common Agreement Task Force, June 11, 2019 19 blah, blah,” and that cause is fine could appeal to the RCE, admitting that process is completely hypothetical.
Then the third bullet was designating TEFCA terms and conditions as required and addressable, channeling that from, for example, HIPAA security that has required and addressable implementation specifications. Okay. I have a couple hands already. David, you are first up.
David McCallie, Jr. – Individual - Public Member Yeah. Unfortunately, except in quantum spaces, you can’t be both dead and alive at the same time. So, I’m guessing this would have to be tasked in some kind of phased adoption, whereby maybe an RCE could approve for temporary use existing contracts or existing agreements with a notion of phasing in the more demanding requirements over a period of time.
So, it doesn’t have to be all or none, but by such and such a date, you must have updated your contracts to the following concerns and then by such and such a date, this additional set of concerns would be required of you. That might be an approach that could work, but eventually, everybody has to be on the same agreement or it just won’t work, as per Noam’s earlier point.
John Kansky – Indiana Health Information Exchange - Co-Chair Yeah. When he was saying that, I was thinking ahead to this recommendation. Admittedly, there’s a little bit of fuzzy logic going on here. On the one hand, you don’t want to be in a situation of having to rewrite and resign 300 participation agreements to move a semicolon. On the other hand, if that semicolon is in a really important place and that’s your point and Noam’s point, you can’t not have the same agreement. Is that –
David McCallie, Jr. – Individual - Public Member I’m thinking more along the lines of take something like individual access services. There may be existing networks that can share patient data amongst providers but are not yet contractually amongst their members able to do individual access services. Would you exclude them from TEFCA until such time as they can participate in individual access or would you allow them to participate with a subset of services under their agreement that by a certain date, they would add the missing services. I could see the latter being a smart bootstrapping approach.
John Kansky – Indiana Health Information Exchange - Co-Chair Right. I think that’s a great way to incent participation in the network is to say, “Okay, you’re in, but you have 24 months or 18 months to meet the following or you’re not in anymore,” is a version of what you just said.
David McCallie, Jr. – Individual - Public Member Yeah.
Trusted Exchange Framework and Common Agreement Task Force, June 11, 2019 20
John Kansky – Indiana Health Information Exchange - Co-Chair Noam had his hand raised, but let me prompt the rest of the taskforce to say if you don’t like these – these are just tactics could include – so, we’re saying to ONC, think about stuff like this – are there better or other tactics we could put on that list that accomplish the same thing? I’ll let that dangle out there. Noam, your comment is next.
Noam Arzt – HLN Consulting, LLC - Public Member So, I may have a good compromise to suggest. I’m not actually all that uncomfortable with the second bullet point about empowering the RCE because frankly, at the end of the day, they’re not going to be able to do it. It’s the grandfather clause that – who decides which clauses get grandfathered? I think if you struck the first bullet point and just left it up to the RCE, if they feel they can be true to TEFCA and approve someone’s existing participation agreement, my I trust them to do that.
I don’t think they’ll be able to do, frankly, once lawyers get involved, but if there’s a principle that we want to make here of trying to make this a little easier, I can sort of see that. I would suggest that we strike the first bullet point about grandfathering. I think that can be accomplished by the second bullet point by the RCE. In other words, someone has got to affirm whose clause is getting grandfathered.
David McCallie, Jr. – Individual - Public Member Maybe bootstrapping is a better thought than grandfathering. Grandfathering implies that you can continue to exercise what you did in the past, whereas what we’re talking about here is bootstrapping, where you can participate even though you’re not fully there yet, but we’ve got a timetable to get you there. Maybe that’s a subtle difference.
John Kansky – Indiana Health Information Exchange - Co-Chair I think that’s an important difference. Noam, how would you feel about that first bullet if it wasn’t the first bullet, but it was a version that said someone, probably the RCE, is going to have the authority to accept the current agreement that your network comes in on but having negotiated or specified a period of time before you’re all-in or fully compliant.
Noam Arzt – HLN Consulting, LLC - Public Member I think that’s what the second bullet says – empower the RCE to evaluate and approach a QHIN candidate that is getting an existing participation agreement.
John Kansky – Indiana Health Information Exchange - Co-Chair Okay. I guess what I’m really suggesting is including maybe in a separate bullet the concept of what David’s calling bootstrapping, which is a sort of over time, become compliant with…
Noam Arzt – HLN Consulting, LLC - Public Member Yeah. I’m not uncomfortable with that. I would also, I guess, point out another subtlety here. That second bullet is talking about QHIN. The little introductory paragraph in recommendation four is talking about participants.
Trusted Exchange Framework and Common Agreement Task Force, June 11, 2019 21
John Kansky – Indiana Health Information Exchange - Co-Chair Well, the second half of the second bullet tries to extend that same concept to participants, which is arguably harder.
Noam Arzt – HLN Consulting, LLC - Public Member I see. Okay.
John Kansky – Indiana Health Information Exchange - Co-Chair The whole thing that I think – again, Kansky’s opinion – anything that we can do to – the RCE’s job is going to be hard enough. But I also think we want broad participation in TEFCA and the RCE is probably going to want a certain amount of flexibility to be successful. So, I’m trying to suggest to the ONC tactics that would create a process that’s in the interest of both of those things. Let the RCE have some authority to flex a little bit if it means that they can bring in an entire network’s worth of participants without major contract amendment. That’s all.
David McCallie, Jr. – Individual - Public Member To jump in on the tail of that comment, I have to go back and reread it, but there was the cohort notion in the draft that was designed to address this kind of bootstrapping thing. So, maybe the cohorts could have the requirements modified such that early cohorts could participate quickly with the expectation that later on, they have to meet a broader set of requirements. So, do the staging requirements in conjunction with that cohort process.
John Kansky – Indiana Health Information Exchange - Co-Chair So, are you suggesting – I want to make sure I understand your point – you could put those whose agreements are already good to go or able to amend them appropriately, in cohort one and if you need more time, you go in cohort two?
David McCallie, Jr. – Individual - Public Member Yeah. And the expectation in cohort one is that at some point in time, you have to meet additional requirements. I’m just trying to leverage that they already thought through this cohort notion and maybe that’s the way they could deal with an escalating set of minimum required conditions, a minimum floor that continues to rise.
John Kansky – Indiana Health Information Exchange - Co-Chair Okay. That makes sense. Are we okay to move on to – ironically, we just brought up cohorts. So, it’s a good segue. Just noting under the definitions, structure, and application process for QHINs, we did not have any recommendations yet. Is that still the case? Just asking the taskforce if we’ve missed something in that category.
Again, just to prompt people’s memories, this incorporates QHIN eligibility, which has been changed from TEF1 and broadened. It also includes the process of candidate QHINs and cohorts. Again, I’m just poking your brains to see if that elicits any feedback. Okay. No problem. We do not at this point appear to have any recommendations in that category and that’s fine.
Trusted Exchange Framework and Common Agreement Task Force, June 11, 2019 22
Let’s move on to the QTF No. 4, the QTF exchange modalities and exchange purposes. Let me put this in RAM. I’m just reading Recommendation 5, as you may be as well. This is trying to incorporate encouraging ONC to communicate what it wants to see and not so much the how it should be done, which I think, channeling ONC – I guess they can speak for themselves – this is the direction they moved in between TEF1 and TEF2. So, are we saying that they should continue in that direction farther still? What would we recommend? David, you have your hand up.
David McCallie, Jr. – Individual - Public Member Yeah. I think it’s a broad space here. I think the notion that you shouldn’t have to necessarily do everything to be a participant is a reasonable recommendation. I don't know. It’s tricky. You need some minimum that everyone needs to meet. Otherwise there’s no purpose in it. I’m concerned still about the directed messaging, the push message service, which just makes little sense to me given the existence of direct. Maybe you don’t have to do that if you don’t think it adds any value. I don't know. I need to see more about it. I’m sorry. I don’t have a –
John Kansky – Indiana Health Information Exchange - Co-Chair No. I’m struggling similarly. To clarify, your statement was participants maybe shouldn’t have to do everything. You used the example of a modality as opposed to an exchange purpose. Is that a division that you make in your head? Do we think all participants should have to do all exchange purposes, but not necessarily all modalities or that’s something we need to think more about.
David McCallie, Jr. – Individual - Public Member Good catch. I was thinking of them kind of fused together, but they’re not. I think the modalities is one concern, for sure, but the purposes are probably more important. So, for example, we talked about the health record bank-style QHIN, which exercises individual access to go fetch and build an integrated record, perhaps in a disease-specific manner.
They would want to participate to be able to share that record with the rest of the network, but they aren’t able to do some of the other things that might be required. That should be allowed, I think, that kind of a specialized QHIN by permitted purposes. They’re doing a subset of the purposes. Maybe that’s covered in a different recommendation. That’s probably more important than the modality question. Does that make sense? Did I say that in a sensible way?
John Kansky – Indiana Health Information Exchange - Co-Chair I think we’ve captured it. So, my assumption – I don’t want to cut off Mark, who has his hand patiently raised. Let me hold my comment and let’s go to Mark.
Mark Savage – UCSF Center for Digital Health Innovation- Public Member So, this is a trusted exchange framework that is supposed to provide broad network connectivity, interoperability for the nation. I’m having a little bit of the difficulty thinking
Trusted Exchange Framework and Common Agreement Task Force, June 11, 2019 23 through. Saying you don’t have to do everything or looking at the way things sometimes work, it’s more of a pick and choose option.
How that lines up, at the very least, I’d be interested in more discussion about how allowing somebody to say, “I’m signing up for a piece of the floor,” not all of the floor is consistent with the overall goal here. It makes more sense to me that we’re trying to build something and ONC has laid out the six exchange purposes and the three modalities because that’s what we need.
John Kansky – Indiana Health Information Exchange - Co-Chair It’s absolutely a valid point. I’m going to take off my Co-Chair’s hat and I’m going to put on my taskforce member hat and argue my side of this one, which is we go back to – it depends whether one is viewing TEFCA as, “Gosh darn it, we don’t have good interoperability in this country. So, we’re just going to define an ecosystem and we’re going to tell the world what the floor is and everybody’s going to do it,” or whether we view this as what – I don’t want to put this on David.
But back when we were talking at the very beginning, it’s like, “Hey, there are organizations that are already doing this, we just want to make sure they can do it within this structure and therefore accelerate it or move the country in the right direction. So, if we’re trying and it’s not a regulation – so, if we were writing a regulation that says, “Let’s define the floor of interoperability like HIPAA is a floor of privacy and security,” and let’s say nobody in the country can below this flow, that would be one thing.
We’re trying to write a voluntary framework – again, this is Kansky’s opinion – a voluntary framework that is going to be something organizations are going to see value in participating in and not are clubbed into participating in only if the Federal Government gets out all of its levers. That’s my opinion. End of paragraph. Okay. Mark and then David.
Mark Savage – UCSF Center for Digital Health Innovation- Public Member So, looking back at the language in the Cures Act, Congress defined inoperability. It laid out TEFCA and directed that TEFCA be established as one way to support that national need. I think there’s more oomph behind it than just saying it’s a voluntary framework. And then I think I’m still where I was earlier, which was these are the basic needs for the nation.
What I would add as a factual example to illustrate my concern – if everybody said, “Oh, thanks. I get to choose. I’m only going to do treatment,” and nobody’s doing public health and nobody’s doing some of the other things, that’s a problem. We have to design something that meets the needs of all.
John Kansky – Indiana Health Information Exchange - Co-Chair Admittedly, as written, it does not allow pick and choose. All participants and all participant members have to sign in for all exchange purposes. Let me stop for a moment to let ONC contradict me if that’s wrong.
Trusted Exchange Framework and Common Agreement Task Force, June 11, 2019 24
Zoe Barber – Office of the National Coordinator for Health Information Technology - Staff Lead It’s not wrong. You have to be able to support responding to all of the exchange purposes. You do not have to initiate an exchange purpose.
John Kansky – Indiana Health Information Exchange - Co-Chair You’re not obligated to – got it. Good clarification. And then there’s no recommendation in here that says otherwise, to your point, Mark. I’ll say it this way – even if I’m of the opinion that you would get more adoption if you incorporate that flexibility, I understand your point and why you wouldn’t and therefore, that gets to a little bit of the first point of the recommendation we need to wordsmith a bit about encouraging ONC to realize that there’s going to have to be – how participants, participant members, and QHINs are incented to participate in TEFCA needs to be a consideration, carrots and sticks.
David, your hand is raised.
David McCallie, Jr. – Individual - Public Member Yeah. My proposal would be to rethink it along the lines of use cases that the RCE could craft, subject to ONC approval if that’s how that’s structured, that draw from these permitted purposes, but which address real world business needs that a sufficient number of stakeholders in the RCE are willing to commit to adopting.
So, that’s how it works in CommonWell and Carequality today. New use cases are proposed. They’re vetted by the members and the members either agree to support them or not. If a sufficient number of members agree to support them, they become an active use case and members then go and implement the technology.
So, you could, for example, have a health record bank use case that works the way I described an entity leveraging the fundamental right of individual access to assemble a record on behalf of a patient and then serve it back up, but they would not be expected, because their use case doesn’t include it, to respond to queries for payment and treatment or payment or any of the other modalities.
You could imagine a second use case that was – go ahead.
John Kansky – Indiana Health Information Exchange - Co-Chair Are you suggesting that the RCE would have the authority to apply that to the current proposed exchange purposes and phase them in over time or are you suggesting that would be how they would build use cases upon the exchange purposes we start with as defined under TEFCA?
David McCallie, Jr. – Individual - Public Member Yeah, sort of. I’m thinking this out as I say. So, bear with me if it makes –
John Kansky – Indiana Health Information Exchange - Co-Chair
Trusted Exchange Framework and Common Agreement Task Force, June 11, 2019 25
Are you okay with the exchange purpose as a starting point or are just suggesting we need to give the RCE authority to phase in those exchange purposes? That’s a better way of saying –
David McCallie, Jr. – Individual - Public Member I’m suggesting define use cases on top of those exchange purposes that allow for that phasing in. And also allow for –
John Kansky – Indiana Health Information Exchange - Co-Chair So, use case is sort of a subset of an exchange purpose.
David McCallie, Jr. – Individual - Public Member Yeah. It’s actually a combination of exchange purposes to achieve a business goal, a market- friendly business goal. Let me just give you a second example that will maybe clarify a little bit. Public health has the interest in being able to query for records, but may not have the resources to be able to respond for queries. So, you can define a use case that says that’s okay.
Maybe in some future date, there’s a new use case that says the public health entities would participate bilaterally in querying for extended patient records but also serving up their immunization data, if they have it. The existing permitted purposes are too broad and ill- focused and making everybody have to do them all will be prohibitive for a voluntary network. I think shift to the use case focus on top of those. That might make sense.
John Kansky – Indiana Health Information Exchange - Co-Chair I’m writing that down and I’m sure ONC is capturing that as well. We are up to public comment. Sorry?
David McCallie, Jr. – Individual - Public Member I was just going to say that’s how CommonWell and Carequality both do it. So, I know it works. But it is a little different. I appreciate your listening to the long-winded explanation.
John Kansky – Indiana Health Information Exchange - Co-Chair No, appreciate the input. Public comment, please.
Lauren Richie – Office of the National Coordinator for Health Information Technology - Designated Federal Officer Thanks. Operator, can we open the line?
Operator If you would like to make a public comment, please press star-one on your telephone keypad. A confirmation tone will indicate your line is in the queue. You may press star-two if you would like to remove your comment from the queue. For participants using speaker equipment, it may be necessary to pick up your handset before pressing the star keys.
Trusted Exchange Framework and Common Agreement Task Force, June 11, 2019 26
Lauren Richie – Office of the National Coordinator for Health Information Technology - Designated Federal Officer Thank you. Do we have any comments in the queue?
Operator No comments at this time?
Lauren Richie – Office of the National Coordinator for Health Information Technology - Designated Federal Officer Okay. John, I’ll hand it back to you. If we get any additional comments, I’ll let you know.
John Kansky – Indiana Health Information Exchange - Co-Chair Thank you. That leaves us at Recommendation 5A, which I’m hopeful may be more straightforward. I probably just jinxed us. This gets back to our discussion of what is called a – I’ve got to be more careful with my words – it’s called a broadcast query in here. It’s called a QHIN broadcast query in TEFCA 2. I’m just expressing kind of the confusion that we had and making a recommendation.
Given the broadcast query described in this draft of TEFCA is not the same as the generally understood industry term “broadcast query,” in other words, TEFCA 2 assumes the QHIN or participant will employ a record locator service to avoid large scale proliferation of queries – we recommend ONC either drop the distinction of targeted query and broadcast query or add explanation of the expected use of an [inaudible] [01:22:33].
I don't know that those words are perfect, but I think you see where we’re trying to go with that recommendation. Can anybody help improve that?
David McCallie, Jr. – Individual - Public Member David again. I think describe the functional requirement, but don’t use terms like broadcast or record locator at this point because they mix technology and function in ways that will confuse people. Rather than say directed query and broadcast query, the ability to fetch a record from a known location is one requirement.
Another requirement or another functional statement would be the ability to assemble our federated record from all locations of recent care. Then leave it to the RCE to figure out the technology to achieve those two different purposes and any additional ones that made sense in the long run. Does that make sense?
John Kansky – Indiana Health Information Exchange - Co-Chair It does. I’m wondering what ONC ends up calling their modalities. Maybe we can work on that. Noam has his hand raised.
Noam Arzt – HLN Consulting, LLC - Public Member Yeah, just that I really, really, really support what David just said.
Trusted Exchange Framework and Common Agreement Task Force, June 11, 2019 27
David McCallie, Jr. – Individual - Public Member Yay.
Noam Arzt – HLN Consulting, LLC - Public Member Anything we can do to remove from the TEF part, anything that implies particular technical solutions or standards, I think, is good. We want to describe what this thing should do, not how it should do it in this part.
John Kansky – Indiana Health Information Exchange - Co-Chair So, that comment is completely consistent with the recommendation above as well. We need to rework 5A to avoid RLS or broadcast or encourage ONC to avoid such terms, but at the same time communicate what they functionally want to have happen. That morphs into the other recommendation to, whenever possible, describe functions not technical approaches.
Noam Arzt – HLN Consulting, LLC - Public Member Right. It may be challenging, as you say, to find certain labels for things because labels and pneumonics give us an easier way to talk about things. It may be a little challenging to find certain labels that don’t imply certain technologies, but you’ve got to try. That’s all.
John Kansky – Indiana Health Information Exchange - Co-Chair Okay. Thank you.
David McCallie, Jr. – Individual - Public Member It’s quite likely that if the cohort-style approach is taken that we discussed earlier, that some of the technologies that are actually mentioned by name in the current document would, in fact, be in use because they’re common and widely deployed. But let that be an RCE decision as opposed to something that is a required MRCT.
Zoe Barber – Office of the National Coordinator for Health Information Technology - Staff Lead This is Zoe. I just want to make sure that we’re clarifying between what we put in the MRTCs and then what’s in the QTF. So, it’s kind of everything that you guys are talking about, does that hold for the technical framework as well?
David McCallie, Jr. – Individual - Public Member My opinion would be to minimize the technical framework to maybe not address anything beyond minimum things like security and authorization and standards for authentication and authorization. Those are actually requirements, not technical. Minimizing the technical details anywhere, give that to the RCE. Tell us what the network does, telling the RCE what they have to do, “You must do the following, support the following use cases or functions.” They will clearly use existing technologies because that’s the fastest way to get there.
John Kansky – Indiana Health Information Exchange - Co-Chair
Trusted Exchange Framework and Common Agreement Task Force, June 11, 2019 28
I’m going to throw out an endorsement for this concept that David is describing and see if we have general consensus. Noam, that seems consistent with what you were saying earlier.
Noam Arzt – HLN Consulting, LLC - Public Member Right.
John Kansky – Indiana Health Information Exchange - Co-Chair I don't know if anyone else on the taskforce wants to weigh in. I feel a stronger recommendation coming on. I’m writing some notes in the margin myself. Okay. Hearing no objection… We’ve just got just a couple of minutes. We’re not going to go – I guess we’ll have to pick up with Recommendation 6 next time.
This is just enough time to describe that our strategy before the call on Thursday is to hopefully turn around another version of this document. ONC Team, maybe we can figure out a way – let’s put a line in the document above and below how far we got today. We got up to but did not get through Recommendation 6. Anything else before we adjourn?
Zoe Barber – Office of the National Coordinator for Health Information Technology - Staff Lead I wanted to ask generally as a process question – we’re going to post this in the Google doc. At this point, do members want to have access to make revisions and put comments in there or are people not necessarily going to do that before Thursday’s call anyway?
Noam Arzt – HLN Consulting, LLC - Public Member I sort of like us going through this together. I don't know. It’s not that long a document. I think it may give us a lot to deal with if we have to be monitoring and commenting on multiple people’s comments over a period of time. That’s my own opinion.
John Kansky – Indiana Health Information Exchange - Co-Chair I’m inclined to agree with Noam, at least at this stage and maybe as we get to a more refined document. We can revisit that. But for now, I think I agree with plowing ahead as we are.
David McCallie, Jr. – Individual - Public Member I agree too.
John Kansky – Indiana Health Information Exchange - Co-Chair Okay. Thanks for your engagement and input and we’ll talk again on Thursday.
Trusted Exchange Framework and Common Agreement Task Force, June 11, 2019 29